Java Code Examples for org.apache.cxf.ws.security.tokenstore.SecurityToken#setX509Certificate()
The following examples show how to use
org.apache.cxf.ws.security.tokenstore.SecurityToken#setX509Certificate().
Example 1
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
/**
 * Wraps a parsed SAML assertion in a {@link SecurityToken}.
 *
 * <p>The token id is the assertion id. When the assertion exposes subject key info, its
 * secret is copied onto the token and, if at least one certificate is present, the first
 * certificate is attached with a {@code null} Crypto. The token type is set to the WSS
 * SAML 1.x or SAML 2.0 token type depending on which assertion object the wrapper holds;
 * when neither is present the type is left unset.
 *
 * <p>NOTE(review): nothing in this method verifies the assertion signature or the trust
 * chain of the subject certificate; the secret and certificate are copied as found.
 * Presumably the assertion has been validated before this call; confirm at the call site.
 *
 * @param assertionWrapper the parsed assertion; dereferenced without a null check
 * @return a token carrying the assertion element and any subject key material
 */
private SecurityToken createSecurityToken(AssertionWrapper assertionWrapper) {
    final SecurityToken samlToken = new SecurityToken(assertionWrapper.getId());

    final SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        samlToken.setSecret(keyInfo.getSecret());

        // Only the first certificate is kept; no Crypto is associated with it here.
        final X509Certificate[] subjectCerts = keyInfo.getCerts();
        final boolean hasSubjectCert = subjectCerts != null && subjectCerts.length != 0;
        if (hasSubjectCert) {
            samlToken.setX509Certificate(subjectCerts[0], null);
        }
    }

    final boolean isSaml1 = assertionWrapper.getSaml1() != null;
    if (isSaml1) {
        samlToken.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
    } else if (assertionWrapper.getSaml2() != null) {
        samlToken.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
    }

    samlToken.setToken(assertionWrapper.getElement());
    return samlToken;
}
Example 2
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Requests a token from the STS and returns it as a {@link SecurityToken}.
 *
 * <p>The token is built from the document element of the STS response together with the
 * response entropy. If the response carries a certificate, that certificate and the
 * response's Crypto are attached to the token. If the token has no type after creation,
 * the type from the template is used, falling back to the {@code tokenType} field.
 *
 * <p>NOTE(review): the certificate is attached exactly as the STS response reports it;
 * no trust or validity check is visible in this method. Confirm where, if anywhere, the
 * STS certificate is verified before relying parties use it.
 *
 * @param appliesTo passed through to {@code issue}
 * @param action passed through to {@code issue}
 * @param requestType passed through to {@code issue}
 * @param binaryExchange passed through to {@code issue}
 * @return the token created from the STS response
 * @throws Exception whatever {@code issue} or token creation throws
 */
public SecurityToken requestSecurityToken(
    String appliesTo, String action, String requestType, String binaryExchange
) throws Exception {
    final STSResponse stsResponse = issue(appliesTo, action, requestType, binaryExchange);
    final SecurityToken issued = createSecurityToken(
        getDocumentElement(stsResponse.getResponse()), stsResponse.getEntropy());

    if (stsResponse.getCert() != null) {
        issued.setX509Certificate(stsResponse.getCert(), stsResponse.getCrypto());
    }

    // A type already present on the token wins over the template and the field.
    if (issued.getTokenType() != null) {
        return issued;
    }

    final String templateType = getTokenTypeFromTemplate();
    if (templateType != null) {
        issued.setTokenType(templateType);
    } else if (tokenType != null) {
        issued.setTokenType(tokenType);
    }
    return issued;
}
Example 3
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Issues a token through the STS and wraps the response in a {@link SecurityToken}.
 *
 * <p>The token is created from the response document element and the response entropy.
 * A certificate present on the response is attached together with the response's Crypto.
 * When the created token has no type, the template type is preferred and the
 * {@code tokenType} field is the fallback; if both are {@code null} the type stays unset.
 *
 * <p>NOTE(review): this method does not itself validate the certificate returned by the
 * STS; verify that validation happens elsewhere.
 *
 * @param appliesTo passed through to {@code issue}
 * @param action passed through to {@code issue}
 * @param requestType passed through to {@code issue}
 * @param binaryExchange passed through to {@code issue}
 * @return the token created from the STS response
 * @throws Exception whatever {@code issue} or token creation throws
 */
public SecurityToken requestSecurityToken(
    String appliesTo, String action, String requestType, String binaryExchange
) throws Exception {
    STSResponse reply = issue(appliesTo, action, requestType, binaryExchange);
    SecurityToken result =
        createSecurityToken(getDocumentElement(reply.getResponse()), reply.getEntropy());

    if (reply.getCert() != null) {
        result.setX509Certificate(reply.getCert(), reply.getCrypto());
    }

    if (result.getTokenType() == null) {
        // Template first, configured field second.
        String fallbackType = getTokenTypeFromTemplate();
        if (fallbackType == null) {
            fallbackType = tokenType;
        }
        if (fallbackType != null) {
            result.setTokenType(fallbackType);
        }
    }
    return result;
}
Example 4
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link SecurityToken} from a parsed SAML assertion.
 *
 * <p>The assertion id becomes the token id. Subject key info, when present, contributes
 * its secret and the first of its certificates (attached with a {@code null} Crypto).
 * The token type follows the SAML version object held by the wrapper and is left unset
 * when the wrapper holds neither a SAML 1.x nor a SAML 2.0 assertion.
 *
 * <p>NOTE(review): the key material is copied without any signature or trust check in
 * this method; confirm that the assertion is validated before it reaches this point.
 *
 * @param assertionWrapper the parsed assertion; dereferenced without a null check
 * @return a token carrying the assertion element and any subject key material
 */
private SecurityToken createSecurityToken(AssertionWrapper assertionWrapper) {
    SecurityToken result = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo info = assertionWrapper.getSubjectKeyInfo();
    if (info != null) {
        result.setSecret(info.getSecret());
        X509Certificate[] chain = info.getCerts();
        if (chain != null && chain.length >= 1) {
            // Only the leading certificate is recorded on the token.
            result.setX509Certificate(chain[0], null);
        }
    }

    String samlTokenType = null;
    if (assertionWrapper.getSaml1() != null) {
        samlTokenType = WSConstants.WSS_SAML_TOKEN_TYPE;
    } else if (assertionWrapper.getSaml2() != null) {
        samlTokenType = WSConstants.WSS_SAML2_TOKEN_TYPE;
    }
    if (samlTokenType != null) {
        result.setTokenType(samlTokenType);
    }

    result.setToken(assertionWrapper.getElement());
    return result;
}
Example 5
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Requests a token from the STS and returns it as a {@link SecurityToken}.
 *
 * <p>The token is built from the document element of the STS response together with the
 * response entropy. If the response carries a certificate, that certificate and the
 * response's Crypto are attached to the token. If the token has no type after creation,
 * the type from the template is used, falling back to the {@code tokenType} field.
 *
 * <p>NOTE(review): the certificate is attached exactly as the STS response reports it;
 * no trust or validity check is visible in this method. Confirm where, if anywhere, the
 * STS certificate is verified before relying parties use it.
 *
 * @param appliesTo passed through to {@code issue}
 * @param action passed through to {@code issue}
 * @param requestType passed through to {@code issue}
 * @param binaryExchange passed through to {@code issue}
 * @return the token created from the STS response
 * @throws Exception whatever {@code issue} or token creation throws
 */
public SecurityToken requestSecurityToken(
    String appliesTo, String action, String requestType, String binaryExchange
) throws Exception {
    final STSResponse stsResponse = issue(appliesTo, action, requestType, binaryExchange);
    final SecurityToken issued = createSecurityToken(
        getDocumentElement(stsResponse.getResponse()), stsResponse.getEntropy());

    if (stsResponse.getCert() != null) {
        issued.setX509Certificate(stsResponse.getCert(), stsResponse.getCrypto());
    }

    // A type already present on the token wins over the template and the field.
    if (issued.getTokenType() != null) {
        return issued;
    }

    final String templateType = getTokenTypeFromTemplate();
    if (templateType != null) {
        issued.setTokenType(templateType);
    } else if (tokenType != null) {
        issued.setTokenType(tokenType);
    }
    return issued;
}
Example 6
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
/**
 * Wraps a parsed SAML assertion in a {@link SecurityToken}.
 *
 * <p>The token id is the assertion id. When the assertion exposes subject key info, its
 * secret is copied onto the token and, if at least one certificate is present, the first
 * certificate is attached with a {@code null} Crypto. The token type is set to the WSS
 * SAML 1.x or SAML 2.0 token type depending on which assertion object the wrapper holds;
 * when neither is present the type is left unset.
 *
 * <p>NOTE(review): nothing in this method verifies the assertion signature or the trust
 * chain of the subject certificate; the secret and certificate are copied as found.
 * Presumably the assertion has been validated before this call; confirm at the call site.
 *
 * @param assertionWrapper the parsed assertion; dereferenced without a null check
 * @return a token carrying the assertion element and any subject key material
 */
private SecurityToken createSecurityToken(AssertionWrapper assertionWrapper) {
    final SecurityToken samlToken = new SecurityToken(assertionWrapper.getId());

    final SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        samlToken.setSecret(keyInfo.getSecret());

        // Only the first certificate is kept; no Crypto is associated with it here.
        final X509Certificate[] subjectCerts = keyInfo.getCerts();
        final boolean hasSubjectCert = subjectCerts != null && subjectCerts.length != 0;
        if (hasSubjectCert) {
            samlToken.setX509Certificate(subjectCerts[0], null);
        }
    }

    final boolean isSaml1 = assertionWrapper.getSaml1() != null;
    if (isSaml1) {
        samlToken.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
    } else if (assertionWrapper.getSaml2() != null) {
        samlToken.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
    }

    samlToken.setToken(assertionWrapper.getElement());
    return samlToken;
}
Example 7
Source File: IssuedTokenPolicyValidator.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Wraps a parsed SAML assertion in a {@link SecurityToken}.
 *
 * <p>The token id is the assertion id. Subject key info, when present, contributes its
 * secret, the first of its certificates (attached with a {@code null} Crypto) and its
 * public key if one is set. The token type is the WSS SAML 1.x or SAML 2.0 token type
 * depending on which assertion object the wrapper holds; otherwise it is left unset.
 *
 * <p>NOTE(review): the secret, certificate and public key are copied from the assertion
 * without any signature or trust check in this method. Presumably validation has already
 * happened upstream; confirm, since holder-of-key decisions depend on this material.
 *
 * @param assertionWrapper the parsed assertion; dereferenced without a null check
 * @return a token carrying the assertion element and any subject key material
 */
private SecurityToken createSecurityToken(SamlAssertionWrapper assertionWrapper) {
    final SecurityToken samlToken = new SecurityToken(assertionWrapper.getId());

    final SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        samlToken.setSecret(keyInfo.getSecret());

        // Only the first certificate is kept; no Crypto is associated with it here.
        final X509Certificate[] subjectCerts = keyInfo.getCerts();
        final boolean hasSubjectCert = subjectCerts != null && subjectCerts.length != 0;
        if (hasSubjectCert) {
            samlToken.setX509Certificate(subjectCerts[0], null);
        }

        if (keyInfo.getPublicKey() != null) {
            samlToken.setKey(keyInfo.getPublicKey());
        }
    }

    final boolean isSaml1 = assertionWrapper.getSaml1() != null;
    if (isSaml1) {
        samlToken.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (assertionWrapper.getSaml2() != null) {
        samlToken.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }

    samlToken.setToken(assertionWrapper.getElement());
    return samlToken;
}
Example 8
Source File: STSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Issues a token through the STS and wraps the response in a {@link SecurityToken}.
 *
 * <p>The token is created from the response document element and the response entropy.
 * A certificate present on the response is attached together with the response's Crypto.
 * When the created token has no type, the template type is preferred and the
 * {@code tokenType} field is the fallback; if both are {@code null} the type stays unset.
 *
 * <p>NOTE(review): this method does not itself validate the certificate returned by the
 * STS; verify that validation happens elsewhere.
 *
 * @param appliesTo passed through to {@code issue}
 * @param action passed through to {@code issue}
 * @param requestType passed through to {@code issue}
 * @param binaryExchange passed through to {@code issue}
 * @return the token created from the STS response
 * @throws Exception whatever {@code issue} or token creation throws
 */
public SecurityToken requestSecurityToken(
    String appliesTo, String action, String requestType, String binaryExchange
) throws Exception {
    STSResponse reply = issue(appliesTo, action, requestType, binaryExchange);
    SecurityToken result =
        createSecurityToken(getDocumentElement(reply.getResponse()), reply.getEntropy());

    if (reply.getCert() != null) {
        result.setX509Certificate(reply.getCert(), reply.getCrypto());
    }

    if (result.getTokenType() == null) {
        // Template first, configured field second.
        String fallbackType = getTokenTypeFromTemplate();
        if (fallbackType == null) {
            fallbackType = tokenType;
        }
        if (fallbackType != null) {
            result.setTokenType(fallbackType);
        }
    }
    return result;
}
Example 9
Source File: IssuedTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link SecurityToken} from a parsed SAML assertion.
 *
 * <p>The assertion id becomes the token id. Subject key info, when present, contributes
 * its secret and the first of its certificates (attached with a {@code null} Crypto).
 * The token type follows the SAML version object held by the wrapper and is left unset
 * when the wrapper holds neither a SAML 1.x nor a SAML 2.0 assertion.
 *
 * <p>NOTE(review): the key material is copied without any signature or trust check in
 * this method; confirm that the assertion is validated before it reaches this point.
 *
 * @param assertionWrapper the parsed assertion; dereferenced without a null check
 * @return a token carrying the assertion element and any subject key material
 */
private SecurityToken createSecurityToken(AssertionWrapper assertionWrapper) {
    SecurityToken result = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo info = assertionWrapper.getSubjectKeyInfo();
    if (info != null) {
        result.setSecret(info.getSecret());
        X509Certificate[] chain = info.getCerts();
        if (chain != null && chain.length >= 1) {
            // Only the leading certificate is recorded on the token.
            result.setX509Certificate(chain[0], null);
        }
    }

    String samlTokenType = null;
    if (assertionWrapper.getSaml1() != null) {
        samlTokenType = WSConstants.WSS_SAML_TOKEN_TYPE;
    } else if (assertionWrapper.getSaml2() != null) {
        samlTokenType = WSConstants.WSS_SAML2_TOKEN_TYPE;
    }
    if (samlTokenType != null) {
        result.setTokenType(samlTokenType);
    }

    result.setToken(assertionWrapper.getElement());
    return result;
}
Example 10
Source File: STSClient.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Requests a token from the STS and returns it as a {@link SecurityToken}.
 *
 * <p>The token is built from the document element of the STS response and the response
 * entropy, after which the response attachments are handed to {@code inlineAttachments}
 * along with the token. If the response carries a certificate, that certificate and the
 * response's Crypto are attached. If the token has no type, the template type is used,
 * falling back to the {@code tokenType} field.
 *
 * <p>NOTE(review): the certificate and the attachments are taken from the STS response
 * as-is; no validation of either is visible here. Confirm where the response is
 * authenticated before this material is trusted.
 *
 * @param appliesTo passed through to {@code issue}
 * @param action passed through to {@code issue}
 * @param requestType passed through to {@code issue}
 * @param binaryExchange passed through to {@code issue}
 * @return the token created from the STS response
 * @throws Exception whatever {@code issue} or token creation throws
 */
public SecurityToken requestSecurityToken(
    String appliesTo, String action, String requestType, String binaryExchange
) throws Exception {
    final STSResponse stsResponse = issue(appliesTo, action, requestType, binaryExchange);
    final SecurityToken issued = createSecurityToken(
        getDocumentElement(stsResponse.getResponse()), stsResponse.getEntropy());
    inlineAttachments(issued, stsResponse.getAttachments());

    if (stsResponse.getCert() != null) {
        issued.setX509Certificate(stsResponse.getCert(), stsResponse.getCrypto());
    }

    // A type already present on the token wins over the template and the field.
    if (issued.getTokenType() != null) {
        return issued;
    }

    final String templateType = getTokenTypeFromTemplate();
    if (templateType != null) {
        issued.setTokenType(templateType);
    } else if (tokenType != null) {
        issued.setTokenType(tokenType);
    }
    return issued;
}
Example 11
Source File: AsymmetricBindingHandler.java From cxf with Apache License 2.0 | 5 votes |
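/**
 * Looks for a SAML assertion among the inbound WS-Security processing results and, for
 * the first one found, stores a temporary {@link SecurityToken} on the current message.
 *
 * <p>A result qualifies when its action is {@code ST_SIGNED} or {@code ST_UNSIGNED}. The
 * token gets the result's id, secret and X.509 certificate (attached with a {@code null}
 * Crypto), a creation time of "now" and an expiry derived from
 * {@code WSS4JUtils.getSecurityTokenLifetime(message)}.
 *
 * <p>Missing receive results, or a result without an action tag, are treated as "no SAML
 * token" instead of failing with a {@code NullPointerException}.
 *
 * <p>NOTE(review): unsigned assertions are accepted here on equal footing with signed
 * ones, and the secret and certificate are copied without further checks. Whether the
 * assertion was trusted is decided outside this method; confirm against the inbound
 * processing configuration.
 *
 * @return the id of the token that was stored under {@code SecurityConstants.TOKEN}, or
 *     {@code null} when no SAML result is available
 */
private String getSAMLToken() {
    List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
        .get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No inbound WS-Security results were recorded, so there is nothing to inspect.
        return null;
    }

    for (WSHandlerResult rResult : results) {
        List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
        for (WSSecurityEngineResult wser : wsSecEngineResults) {
            Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
            if (actInt == null) {
                // A result without an action cannot be classified as SAML; skip it.
                continue;
            }
            int action = actInt.intValue();
            if (action != WSConstants.ST_SIGNED && action != WSConstants.ST_UNSIGNED) {
                continue;
            }

            Instant created = Instant.now();
            // presumably the configured lifetime is in milliseconds (divided by 1000 for
            // plusSeconds); verify against WSS4JUtils
            Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);

            String id = (String)wser.get(WSSecurityEngineResult.TAG_ID);
            SecurityToken tempTok = new SecurityToken(id, created, expires);
            tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
            tempTok.setX509Certificate(
                (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE), null
            );

            // assumes every SAML result carries TAG_SAML_ASSERTION; a missing entry would
            // still fail on the next line (unchanged from the original behaviour)
            SamlAssertionWrapper samlAssertion =
                (SamlAssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (samlAssertion.getSamlVersion() == SAMLVersion.VERSION_20) {
                tempTok.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
            } else {
                tempTok.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
            }

            message.put(SecurityConstants.TOKEN, tempTok);
            return id;
        }
    }
    return null;
}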
Example 12
Source File: AbstractPolicySecurityTest.java From cxf with Apache License 2.0 | 4 votes |
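/**
 * Test helper: attaches an STS-"issued" SAML assertion to an outbound message, runs the
 * outbound interceptor and then validates the signed result on the inbound side.
 *
 * <p>The assertion is read from {@code example-sts-issued-saml-assertion.xml}, signed with
 * the Crypto configured in {@code outsecurity.properties}, wrapped in a
 * {@link SecurityToken} and registered in a {@link MemoryTokenStore} on the endpoint.
 *
 * <p>The key alias and password below are test-fixture literals; they are not a pattern
 * for production code, where key passwords belong in protected configuration.
 *
 * @param policyDoc name of the policy document to load for the outbound policy
 * @throws Exception if any document, keystore or interceptor step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement =
        this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);

    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion =
        this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();

    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    // Close the properties stream once loaded; the original left it open.
    try (java.io.InputStream cryptoPropsStream = url.openStream()) {
        cryptoProps.load(cryptoPropsStream);
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);

    // Sign the "issued" assertion
    SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(issuedAssertion);
    assertionWrapper.signAssertion("myalias", "myAliasPassword", crypto, false);

    Document doc = DOMUtils.newDocument();
    issuedAssertion = OpenSAMLUtil.toDom(assertionWrapper.getSaml1(), doc);
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "AssertionID").getNodeValue();

    SecurityToken issuedToken =
        new SecurityToken(assertionId, issuedAssertion, null);

    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // assumes the keystore holds a certificate for this alias; the lookup result is
    // indexed without a check
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    msg.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID,
            issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());

    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().getEndpoint().getEndpointInfo()
        .setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(
            msg, policy, aim, null, null);

    this.runInInterceptorAndValidate(signedDoc,
                                     policy, Collections.singletonList(SP12Constants.ISSUED_TOKEN), null,
                                     Collections.singletonList(CoverageType.SIGNED));
}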
Example 13
Source File: STSClient.java From cxf with Apache License 2.0 | 4 votes |
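/**
 * Asks the STS to validate a token and returns the tokens carried in the response.
 *
 * <p>The response must be a {@code RequestSecurityTokenResponse}, optionally wrapped in a
 * {@code RequestSecurityTokenResponseCollection} (only its first child is examined). The
 * children are walked in order: a {@code Status} element sets the validity flag from its
 * {@code Code} and records an optional {@code Reason}; each
 * {@code RequestedSecurityToken} element yields a {@link SecurityToken}. If the status is
 * not valid a {@link TrustException} is thrown; if it is valid but no token was returned,
 * the input token is returned.
 *
 * <p>A response with an empty collection or a {@code Status} without a readable
 * {@code Code} is rejected through the normal failure paths instead of surfacing as a
 * {@code NullPointerException}.
 *
 * @param tok the token to validate
 * @param tokentype the token type passed to {@code validate}
 * @return the tokens from the response, or a list holding {@code tok} when none came back
 * @throws Exception a {@code Fault} for an unexpected response element, a
 *     {@code TrustException} when validation fails, or whatever {@code validate} throws
 */
protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)
    throws Exception {
    STSResponse response = validate(tok, tokentype);

    Element el = getDocumentElement(response.getResponse());
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    // el may be null here when the collection has no element children.
    if (el == null || !"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + (el == null ? null : el.getLocalName()), LOG);
    }

    el = DOMUtils.getFirstElement(el);
    String reason = null;
    boolean valid = false;
    List<SecurityToken> tokens = new LinkedList<>();
    while (el != null) {
        if ("Status".equals(el.getLocalName())) {
            Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
            String s = e2 == null ? null : DOMUtils.getContent(e2);
            // Fail closed: a missing or empty Code never counts as valid.
            // NOTE(review): the check is a suffix match on the status URI, and a later
            // Status element overwrites an earlier one; confirm both are intended.
            valid = s != null && s.endsWith("/status/valid");

            e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
            if (e2 != null) {
                reason = DOMUtils.getContent(e2);
            }
        } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
            // NOTE(review): the token is built from the whole response document element,
            // not from the current RequestedSecurityToken element; verify that is intended.
            SecurityToken token =
                createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());

            if (response.getCert() != null) {
                token.setX509Certificate(response.getCert(), response.getCrypto());
            }
            if (token.getTokenType() == null) {
                String tokenTypeFromTemplate = getTokenTypeFromTemplate();
                if (tokenTypeFromTemplate != null) {
                    token.setTokenType(tokenTypeFromTemplate);
                } else if (tokenType != null) {
                    token.setTokenType(tokenType);
                }
            }
            tokens.add(token);
        }
        el = DOMUtils.getNextElement(el);
    }

    if (!valid) {
        throw new TrustException(LOG, "VALIDATION_FAILED", reason);
    }
    if (tokens.isEmpty()) {
        // The STS confirmed validity without returning a token: hand back the input.
        tokens.add(tok);
    }
    return tokens;
}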
Example 14
Source File: AbstractPolicySecurityTest.java From steady with Apache License 2.0 | 4 votes |
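/**
 * Test helper: attaches an STS-"issued" SAML assertion to an outbound message, runs the
 * outbound interceptor and checks that the signature covers the assertion.
 *
 * <p>The assertion is read from {@code example-sts-issued-saml-assertion.xml}, wrapped in
 * a {@link SecurityToken} with the certificate for the alias configured in
 * {@code outsecurity.properties}, and registered in a {@link MemoryTokenStore} on the
 * endpoint.
 *
 * @param policyDoc name of the policy document to load for the outbound policy
 * @throws Exception if any document, keystore or interceptor step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement =
        this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);

    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion =
        this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();

    String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();

    SecurityToken issuedToken =
        new SecurityToken(assertionId, issuedAssertion, null);

    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    // Close the properties stream once loaded; the original left it open.
    java.io.InputStream cryptoPropsStream = url.openStream();
    try {
        cryptoProps.load(cryptoPropsStream);
    } finally {
        cryptoPropsStream.close();
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // assumes the keystore holds a certificate for this alias; the lookup result is
    // indexed without a check
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
            issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());

    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().get(Endpoint.class).getEndpointInfo()
        .setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(
            msg, policy, aim, null, null);

    verifySignatureCoversAssertion(signedDoc, assertionId);
}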
Example 15
Source File: AbstractPolicySecurityTest.java From steady with Apache License 2.0 | 4 votes |
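/**
 * Test helper: attaches an STS-"issued" SAML assertion to an outbound message, runs the
 * outbound interceptor and checks that the signature covers the assertion.
 *
 * <p>The assertion is read from {@code example-sts-issued-saml-assertion.xml}, wrapped in
 * a {@link SecurityToken} with the certificate for the alias configured in
 * {@code outsecurity.properties}, and registered in a {@link MemoryTokenStore} on the
 * endpoint.
 *
 * @param policyDoc name of the policy document to load for the outbound policy
 * @throws Exception if any document, keystore or interceptor step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement =
        this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);

    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion =
        this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();

    String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();

    SecurityToken issuedToken =
        new SecurityToken(assertionId, issuedAssertion, null);

    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    // Close the properties stream once loaded; the original left it open.
    java.io.InputStream cryptoPropsStream = url.openStream();
    try {
        cryptoProps.load(cryptoPropsStream);
    } finally {
        cryptoPropsStream.close();
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // assumes the keystore holds a certificate for this alias; the lookup result is
    // indexed without a check
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
            issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());

    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().get(Endpoint.class).getEndpointInfo()
        .setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(
            msg, policy, aim, null, null);

    verifySignatureCoversAssertion(signedDoc, assertionId);
}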
Example 16
Source File: AbstractPolicySecurityTest.java From steady with Apache License 2.0 | 4 votes |
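/**
 * Test helper: attaches an STS-"issued" SAML assertion to an outbound message, runs the
 * outbound interceptor and checks that the signature covers the assertion.
 *
 * <p>The assertion is read from {@code example-sts-issued-saml-assertion.xml}, wrapped in
 * a {@link SecurityToken} with the certificate for the alias configured in
 * {@code outsecurity.properties}, and registered in a {@link MemoryTokenStore} on the
 * endpoint.
 *
 * @param policyDoc name of the policy document to load for the outbound policy
 * @throws Exception if any document, keystore or interceptor step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement =
        this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);

    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion =
        this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();

    String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();

    SecurityToken issuedToken =
        new SecurityToken(assertionId, issuedAssertion, null);

    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    // Close the properties stream once loaded; the original left it open.
    java.io.InputStream cryptoPropsStream = url.openStream();
    try {
        cryptoProps.load(cryptoPropsStream);
    } finally {
        cryptoPropsStream.close();
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // assumes the keystore holds a certificate for this alias; the lookup result is
    // indexed without a check
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
            issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());

    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().get(Endpoint.class).getEndpointInfo()
        .setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(
            msg, policy, aim, null, null);

    verifySignatureCoversAssertion(signedDoc, assertionId);
}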
Example 17
Source File: AbstractPolicySecurityTest.java From steady with Apache License 2.0 | 4 votes |
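/**
 * Test helper: attaches an STS-"issued" SAML assertion to an outbound message, runs the
 * outbound interceptor and checks that the signature covers the assertion.
 *
 * <p>The assertion is read from {@code example-sts-issued-saml-assertion.xml}, wrapped in
 * a {@link SecurityToken} with the certificate for the alias configured in
 * {@code outsecurity.properties}, and registered in a {@link MemoryTokenStore} on the
 * endpoint.
 *
 * @param policyDoc name of the policy document to load for the outbound policy
 * @throws Exception if any document, keystore or interceptor step fails
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement =
        this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);

    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion =
        this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();

    String assertionId = issuedAssertion.getAttributeNode("AssertionID").getNodeValue();

    SecurityToken issuedToken =
        new SecurityToken(assertionId, issuedAssertion, null);

    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    // Close the properties stream once loaded; the original left it open.
    java.io.InputStream cryptoPropsStream = url.openStream();
    try {
        cryptoProps.load(cryptoPropsStream);
    } finally {
        cryptoPropsStream.close();
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // assumes the keystore holds a certificate for this alias; the lookup result is
    // indexed without a check
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
            issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());

    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().get(Endpoint.class).getEndpointInfo()
        .setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(
            msg, policy, aim, null, null);

    verifySignatureCoversAssertion(signedDoc, assertionId);
}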